Windows 7 Forums


Windows 7: trojan downloader:win32/cutwail.ba HELP!

01 Jul 2010   #11
CorneliusM

windows 7 Home Premium 64 Bit
 
 

Quote: Originally Posted by Thorsen
The keygen is an activation tool to use Office without paying for it thus pirating. If you used the keygen, then that could be where the virus came from. You should probably uninstall Office as well as the keygen could have infected files in Office.

If you want a free Office program, get OpenOffice it is a very good alternative to Microsoft Office: OpenOffice.org - The Free and Open Productivity Suite
Quote: Originally Posted by NoN
Quote: Originally Posted by CorneliusM
Quote: Originally Posted by theog
Delete the pirated software that you downloaded, as the virus is inside the download.

Then run MSE full scan.
I don't have pirated software but, I did remove the .exe's for one for activating Office 2010 called Keygen.Microsoft.Office.2010.45057.exe which has been removed as MSE discovered the problem.
Did you use that keygen to activate the Trial version? No big matter, but not really in the rules....that's why MSE listed to remove that KeyGen.
Yeah I used it but I didn't think it would be infecting the Office installation at all, from now on I'm paying for products if I have to! I hope it works, the MRT's been scanning for an hour now.


01 Jul 2010   #12
CorneliusM

windows 7 Home Premium 64 Bit
 
 

Would a system restore work? My friend's just given me a copy of AVG Rootkit too to try that, he thinks it could be that.
01 Jul 2010   #13
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by NoN
Did you use that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.

That said, CorneliusM, let's take a closer look and see if we can help with the 30-day issue. That is likely what is causing problems with MSE.

Please download CKScanner from here.

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


In addition, please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

01 Jul 2010   #14
CarlTR6

Windows 7 Ultimate 32 bit
 
 

A lesson learned.
01 Jul 2010   #15
CorneliusM

windows 7 Home Premium 64 Bit
 
 

Quote: Originally Posted by Corrine
Quote: Originally Posted by NoN
Did you use that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.

That said, CorneliusM, let's take a closer look and see if we can help with the 30-day issue. That is likely what is causing problems with MSE.

Please download CKScanner from here.

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


In addition, please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
Hi Corrine, Thanks for the links, this is the WVCheck results:

Windows Validation Check
Log Created On: 2309_01-07-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-07-01 12:12:31
Last Success Time for Update Download: 2010-07-01 01:24:25
Last Success Time for Update Installation: 2010-07-01 01:25:11


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - 34b7e222e81fafa885f0c5f2cfa56861


-------- End of File, program close at 2311_01-07-2010 --------

And this is the CKfiles results:


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-3.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-4.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-5.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-6.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-7.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-10.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-11.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-12.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-13.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-14.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-15.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-16.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-17.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-18.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-19.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-20.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-21.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-22.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-23.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-24.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-25.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-26.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-27.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-28.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-29.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-3.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-30.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-31.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-32.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-33.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-34.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-35.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-36.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-37.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-38.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-39.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-4.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-40.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-41.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-42.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-43.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-44.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-45.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-46.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-47.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-48.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-49.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-5.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-50.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-51.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-52.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-53.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-54.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-6.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-7.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-8.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-9.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar.gbr
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\cornelius\.gimp-2.6\patterns\cracked.pat
c:\users\cornelius\photoshop cs5\photoshop cs5\presets\brushes\anodyne-stock_cracks.abr
c:\users\cornelius\photoshop cs5\photoshop cs5\presets\brushes\crack_it_up_by_flapdrol21.abr
c:\users\cornelius\photoshop cs5\ps brushes\anodyne_stock_cracks.zip
scanner sequence 3.ZZ.11
----- EOF -----

Just uninstalling Office 2010 now, too.
01 Jul 2010   #16
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Quote: Originally Posted by Corrine
Quote: Originally Posted by NoN
Did you use that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.
One day or another people get caught...search thing doesn't last very long!
I've the right to tell it in a certain way, but not the right to forbid it.

My apologies...
01 Jul 2010   #17
CorneliusM

windows 7 Home Premium 64 Bit
 
 

Okay with Office 2010 removed it all seems gone. I can update MSE again and give Windows Updates the chance for me to hide what they offer me again

I really do appreciate everybody's help on this, like Carl said - I won't be doing that again!

Also, Trend Micro Housecall spotted a hidden file and removed it so chances are this thing is gone but I'm still gonna run some Anti-rootkit software to double check everything!
01 Jul 2010   #18
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, CorneliusM.

I am not seeing a question about your copy of Windows 7 being valid. However, with the 30-day issue, I suggest you telephone activate. This is for the U.K. Microsoft UK - Licensing and includes an option to e-mail or telephone for assistance.

In addition to Office, it appears you also have pirated versions of Gimp, ImageLine and Photoshop.
01 Jul 2010   #19
CorneliusM

windows 7 Home Premium 64 Bit
 
 

Quote: Originally Posted by Corrine
Hi, CorneliusM.

I am not seeing a question about your copy of Windows 7 being valid. However, with the 30-day issue, I suggest you telephone activate. This is for the U.K. Microsoft UK - Licensing and includes an option to e-mail or telephone for assistance.

In addition to Office, it appears you also have pirated versions of Gimp, ImageLine and Photoshop.
Weird, it does say my Windows 7 is Validated in the system information and I got my box and product key with me, if ever it changes and asks, I installed it over Christmas. Gimp and Imageline are both legal versions too I got Gimp from the site and, FruityLoops from their site so I don't know why it would think they're illegal.
My System SpecsSystem Spec
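
Every path in the CKScanner list posted above has "crack" in its file name, and the report's own header says the hits "are not necessarily bad". As an added example (not written by any poster in this thread and not CKScanner's own code), this Python script sorts such a report by file extension so that executables and archives stand apart from brush, pattern and preset files; the function names, the extension sets and the `example_keygen.exe` line are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample in the CKFiles.txt layout shown above. Five paths are copied
# from the posted log; the example_keygen.exe line is constructed for contrast.
SAMPLE = r"""CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\cornelius\photoshop cs5\photoshop cs5\presets\brushes\crack_it_up_by_flapdrol21.abr
c:\users\cornelius\photoshop cs5\ps brushes\anodyne_stock_cracks.zip
c:\users\example\downloads\example_keygen.exe
scanner sequence 3.ZZ.11
----- EOF -----
"""

# Extensions Windows will execute or load as code: a keyword hit here needs a manual look.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".js"}
# Containers: the file name says nothing about what is inside.
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}


def parse_ckfiles(text):
    """Return only the path lines, skipping the header and trailer lines."""
    paths = []
    for line in text.splitlines():
        line = line.strip()
        # A path line starts with a drive letter followed by a colon and backslash.
        if len(line) > 3 and line[0].isalpha() and line[1:3] == ":\\":
            paths.append(line)
    return paths


def triage(paths):
    """Bucket each hit by what its extension says the file can do."""
    buckets = defaultdict(list)
    for path in paths:
        ext = ntpath.splitext(path)[1].lower()  # ntpath parses "\" on any OS
        if ext in EXECUTABLE_EXT:
            buckets["executable"].append(path)
        elif ext in ARCHIVE_EXT:
            buckets["archive"].append(path)
        else:
            buckets["data"].append(path)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in triage(parse_ckfiles(SAMPLE)).items():
        print(f"{bucket}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

The extension is only a first sort: a renamed executable would land in the data bucket, so hits in unexpected locations still merit a check.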
01 Jul 2010   #20
Thorsen

Win7 Home Premium 64x
 
 

Good catch Corrine on the other software! The keygen programs prey on people wanting to get something for free, and are hosted at sites that allow such things. This is the shadier side of the internet. They are a perfect opportunity to get a virus and they have a program they know they can hide in.....the program you want the keygen for.